CVE-2025-9142
Published: 14 January 2026
Summary
CVE-2025-9142 is a high-severity Path Traversal (CWE-22) vulnerability in Check Point (inferred from references). Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). It ranks at the 2.1st percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2025-9142 is a path traversal vulnerability (CWE-22) affecting the Harmony SASE Windows client from Check Point. Published on 2026-01-14, it enables a local user to trigger the client to write or delete files outside the intended certificate working directory. The vulnerability has a CVSS v3.1 base score of 7.5 (AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H), indicating high severity with local attack vector, high attack complexity, low privileges required, and user interaction needed, along with changed scope and high impacts to confidentiality, integrity, and availability.
A local attacker with low privileges can exploit this vulnerability by inducing user interaction to manipulate certificate handling, causing the Harmony SASE Windows client to perform unauthorized file writes or deletions beyond its designated working directory. Successful exploitation could allow arbitrary file modification or removal, potentially leading to privilege escalation, data corruption, or denial of service, given the high impact ratings across confidentiality, integrity, and availability with scope change.
Check Point has published advisory SK184557 at https://support.checkpoint.com/results/sk/sk184557, which provides details on the issue and recommended mitigations for the Harmony SASE Windows client.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-2484
Vulnerability details
A local user can trigger Harmony SASE Windows client to write or delete files outside the intended certificate working directory.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Path traversal enables arbitrary local file writes/deletes, directly facilitating privilege escalation (T1068), file deletion for indicator removal (T1070.004), and stored data manipulation (T1565.001).
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Validates file paths supplied to the Harmony SASE client to block traversal sequences that would allow writes or deletes outside the certificate directory.
Enforces authorization checks on all file-system operations performed by the client, preventing unauthorized writes/deletes beyond the intended working directory.
Restricts the privileges assigned to the Harmony SASE client process so that even a successful path traversal cannot affect files outside its minimal required scope.
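The input-validation control above, sketched as an added example (not Check Point's code or its fix): a lexical containment check that applies Windows path rules to a supplied file name before any write or delete. `CERT_DIR`, `resolve_inside`, `stays_inside` and the sample names are hypothetical and constructed for illustration.

```python
import ntpath  # Windows path rules, importable on any OS

# Hypothetical working directory; the page does not give the client's real path.
CERT_DIR = r"C:\ProgramData\ExampleClient\certs"


def resolve_inside(base: str, name: str) -> str:
    """Return the normalized path of `name` under `base`, or raise ValueError."""
    if not name or "\x00" in name:
        raise ValueError("empty name or NUL byte")
    if ":" in name:
        # Covers drive letters (C:\x, C:x) and NTFS alternate data streams.
        raise ValueError("colon not allowed in a relative file name")
    if name.startswith(("\\", "/")):
        # Rooted (\Windows\x) and UNC (\\host\share\x) forms.
        raise ValueError("rooted or UNC path")
    base_key = ntpath.normcase(ntpath.normpath(base))
    target = ntpath.normpath(ntpath.join(base, name))  # collapses ".." and "/"
    target_key = ntpath.normcase(target)
    # commonpath compares whole components, so "certs-old" is not inside "certs".
    if target_key == base_key or ntpath.commonpath([base_key, target_key]) != base_key:
        raise ValueError("path leaves the working directory")
    return target


def stays_inside(base: str, name: str) -> bool:
    """Boolean wrapper for callers that only need an allow/reject decision."""
    try:
        resolve_inside(base, name)
        return True
    except ValueError:
        return False


# Constructed sample inputs, not taken from the advisory.
SAMPLES = ["client.pem", "sub/leaf.crt", r"..\..\other.dll",
           r"sub\..\..\certs-old\x.pem", r"C:\Windows\x", r"\\host\share\x",
           "client.pem:stream", "."]

if __name__ == "__main__":
    for s in SAMPLES:
        verdict = "allow" if stays_inside(CERT_DIR, s) else "reject"
        print(f"{s!r:34} -> {verdict}")
```

This check is purely lexical and does not resolve symbolic links or junctions, so on a real host it should be paired with a comparison of the resolved final path and with the least-privilege control listed above.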